Digital security expert Patrick Wardle has unveiled a new software tool at the RSA Conference 2019 that uses Apple's existing GameplayKit software to help protect users from malware and suspicious activity on their Macs.
The Mac tool, called GamePlan, was announced at the RSA security conference. It looks for suspicious activity that could suggest the presence of malware or other threats, then uses Apple's own GameplayKit software to analyze anything it sees. GameplayKit is intended to determine how games react by triggering rules that developers have set up. Wardle has instead used it to create rules that indicate potential problems and vectors of attack.
"GameplayKit takes care of evaluating events and spinning out an action. So, in PacMan, by default the ghosts are hunting PacMan, so that's a rule. If PacMan eats a power pellet, the ghosts run away. That's another rule. So we realized that Apple has done all the hard work for us," Wardle told Wired. "Its game-logic engine can also be used to very efficiently process events on a system and spit out a warning."
Apple's macOS Mojave already monitors for malware, but GamePlan lets users set up very specific rules about what to look for and how to react. The system can look for events such as a file being copied to a USB stick, whether manually by a person or by a piece of software. It can also monitor for the installation of new software, and users can set up rules depending on precisely what is being done.
"If files are copied onto removable USB storage from a developer laptop: No alert," explains Wardle. "But from a human resources laptop: Alert."
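The USB rule Wardle describes maps directly onto GameplayKit's `GKRuleSystem`. The Swift sketch below is an added example, not GamePlan's code: the `FileCopyEvent` type, the state keys, the role strings and the fact name are all assumptions made for illustration, and the two events are constructed.

```swift
import Foundation
import GameplayKit

// Hypothetical event shape; GamePlan's real event model is not public.
struct FileCopyEvent {
    let hostRole: String              // e.g. "developer", "human-resources"
    let destinationIsRemovable: Bool  // true when the target volume is USB storage
    let path: String
}

// Fact asserted when a rule decides the event deserves an alert (name is assumed).
let usbCopyAlert = "alert.usbCopy" as NSString

func makeRuleSystem() -> GKRuleSystem {
    let system = GKRuleSystem()
    // Rule: a copy to removable storage from an HR machine raises the alert fact.
    let hrUsbCopy = GKRule(blockPredicate: { sys in
        let removable = sys.state["destinationIsRemovable"] as? Bool ?? false
        let role = sys.state["hostRole"] as? String ?? ""
        return removable && role == "human-resources"
    }, action: { sys in
        sys.assertFact(usbCopyAlert)
    })
    system.add(hrUsbCopy)
    return system
}

func shouldAlert(_ event: FileCopyEvent, using system: GKRuleSystem) -> Bool {
    system.reset()  // drop facts left over from the previous event
    system.state["hostRole"] = event.hostRole
    system.state["destinationIsRemovable"] = event.destinationIsRemovable
    system.evaluate()
    return system.grade(forFact: usbCopyAlert) > 0
}

// Constructed sample events: the same copy, from two differently classified hosts.
let system = makeRuleSystem()
let events = [
    FileCopyEvent(hostRole: "developer", destinationIsRemovable: true,
                  path: "/Volumes/USB/build.zip"),
    FileCopyEvent(hostRole: "human-resources", destinationIsRemovable: true,
                  path: "/Volumes/USB/payroll.xlsx"),
]
for event in events {
    let verdict = shouldAlert(event, using: system) ? "ALERT" : "no alert"
    print("\(event.hostRole) -> \(event.path): \(verdict)")
}
```

Resetting the rule system before each event matters: without it, a fact asserted for one event stays in working memory and the next, benign event would inherit the alert.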
Wardle unveiled the tool at an RSA Conference session called "What's Your Game Plan? Leveraging Apple's Game Engine to Detect Threats" on March 5 at the Moscone West center in San Francisco.
Wardle is a longtime security expert who was recently involved in bringing attention to how a flaw in macOS's Quick Look feature could potentially reveal encrypted data.
There are no details yet regarding a release timetable for GamePlan.
3 Comments
That's cool. I'm skeptical that this will be "productized" so that it's relevant to normal people or even companies, but maybe someone will pick up the ball and run with it.
Look for malware or install malware? Appears both could be done with the right rules. Something the App Store review people need to look for.
I didn’t even know Apple was aware of games being a thing on Mac OS.